107 matches found
CVE-2007-2249
Phorum prior to 5.1.22 contains an injection/privilege escalation issue in include/controlcenter/users.php. Remote authenticated moderators can upgrade their privileges by altering the (1) user_ids POST parameter or (2) userdata array, affecting the authentication/authorization checks in the cont...
CVE-2007-2249
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified 1 userids POST parameter or 2 userdata array...
CVE-2006-2249
CVE-2006-2249 describes multiple cross-site scripting (XSS) vulnerabilities in the CuteNews package, specifically in search.php for version 1.4.1 and earlier, and possibly 1.4.5. The weaknesses allow remote attackers to inject arbitrary script or HTML via the (1) user, (2) story, or (3) title par...
CVE-2004-2249
Technical details about CVE-2004-2249 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2004-2249
Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions...
CVE-2005-2249
The CVE relates to Jinzora, specifically multiple unknown vulnerabilities in version 2.0.1 with a confirmed route related to PHP include_path, described in connected analyses as a Remote File Inclusion issue. The Nessus entry for Jinzora Multiple Script include_path Parameter Remote File Inclusio...
CVE-2004-2249
Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions...